PGP, gpg-agent, and KDF criticisms?

Matthieu Weber mweber at free.fr
Tue Oct 27 22:06:14 CET 2020 

On Tue, 27 Oct 2020 at 02:48PM -0400, TRS-80 wrote:
> I then mention in passing (yesterday) that I have been considering
> pass[1], as it is essentially free-form text files with no limits on
> what you can put in them, in case anyone else following the issue
> wants to expand their options, as I have been thinking about doing.
> 
> Pretty quickly thereafter, both of main devs reply[2] with some
> criticisms of PGP, gpg-agent, and some other concept (KDF?)

A KDF is a key-derivation function i.e., a function that allows to
generate a cryptographic key based on a passphrase (more from Wikipedia
https://en.wikipedia.org/wiki/Key_derivation_function ). Why it is
relevant to their rant against GPG, I don't know. Maybe their argument
is that if you chose a weak passphrase for your secret key, your secret
key is protected by a weak passphrase? That's no news. Maybe a KDF would
make the secret key a bit better protected than without a KDF? Again, I
don't know enough cryptography to answer that (but I will make the
educated guess that the argument is that the KDF is designed to be
a slow algorithm, and therefore unpractical to use in brute-force
attacks). My counter-argument is to use a password with enough entropy
to be actually safe instead of relying on the fact that a given
algorithm implementation (the KDF) is slow today. We'll all be sorry
anyway once quantum computers become available :)

> which I am not actually even familiar with.  The following are their
> comments, which I quote in full:
> 
> > droidmonkey
> > 
> > Pass offers the barest minimal protections. I would never endorse
> > the product because it is very easy to expose all of your secrets to
> > any program by using gpg-agent to remember your credentials. There
> > is also no concept of a KDF so brute forcing is an option, in fact
> > their encryption method is undocumented or at least not readily
> > apparent from their website.

So if you use gpg-agent, your secret key is not safe? Well yes, that's
true, the whole purpose of the agent is to trade a bit of security for
a bit of convenience. If that's the worry, don't use gpg-agent and
that's it. Regarding “their encryption method is undocumented”, who
is “they” in that sentence? GPG? Pass? Me? That kind of FUD is not
constructive, I'm afraid.

But as a general rule, you should know what you are doing and the
consequences of your choices (which admittedly is not easy on modern
computer systems), and before starting to use pass, you must be aware
that it is not a consumer product (it's a command-line tool, for
starters :) ), so some understanding of how it works is required IMO.

Matthieu
-- 
 (~._.~)        Matthieu Weber - matthieu at weber.fi.eu.org        (~._.~)
  ( ? )                 https://weber.fi.eu.org/                  ( ? )
 ()- -()           public key id : 0x85CB340EFCD5E0B3            ()- -()
 (_)-(_) "Humor ist, wenn man trotzdem lacht (Otto J. Bierbaum)" (_)-(_)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20201027/84e2c9ca/attachment.asc>

More information about the Password-Store mailing list